Tech Preps Healthcare Organizations For Lawsuits
Healthcare organizations spend and worry more about litigation and regulations than their counterparts in many other industries, study finds. Specialized software helps.
Easy-to-Mock ICD-10 Diagnosis Codes...
Easy-to-Mock ICD-10 Diagnosis Codes... (Click image for larger view and slideshow.)
When a Southern hospital fired its IT director for cause, the disgruntled ex-employee quickly countered by filing two lawsuits. That hospital is not alone: Healthcare organizations faced a growing number of investigations and litigation in 2013, according to a report from Norton Rose Fulbright, a multinational law firm.
The hospital's attorneys sought help from CynergisTek, a consulting firm focused on regulatory compliance in healthcare, said CynergisTek CEO Mac McMillan, who also is chair of the Health Information Management Systems Society (HIMSS) Privacy and Security Policy Task Force. The formerĀ IT director raised nine issues with the Department of Health and Human Services' Office of Civil Rights, McMillan told InformationWeek, but the hospital's best-practices, preparedness, and technologies ensured it quickly negated all but one of the ex-employee's claims.
"On the ninth one -- that people had accessed his record inappropriately -- we found there was evidence of that, but it wasn't by anybody else. It was by him," said McMillan. "The hospital had a policy you couldn't look at your own record, and the only one who looked at his own record was him."
[Is your data locked down? ReadĀ Colleagues In Cuffs: When Employees Steal Patient Records.]
Not all healthcare organizations resolve legal matters as quickly or as inexpensively. But many organizations, from solo practitioners to huge pharmaceutical companies, faced regulatory and litigation scrutiny in 2013, according to Norton Rose Fulbright's "Annual Litigation Trends" survey. In fact, 52% of healthcare organizations viewed legal problems as a top concern in 2013, versus 24% in 2012 and 41% of all respondents. Two-thirds of healthcare organizations were involved in some kind of regulatory investigation last year, the survey reported; in half those cases, the Department of Justice led the investigation.
Figure 1:
In addition, 55% of healthcare respondents were involved in more than 20 lawsuits, compared with 30% of the overall sample. As a result, 49% of healthcare organizations spent $5 million or more on litigation last year. Sixty percent of these organizations have one or more arbitrations pending, the report found.
Privacy and data protection generated problems for 67% of the healthcare organizations polled. By comparison, 60% of technology and communications
firms said they encountered issues with privacy or protection during a dispute or investigation in 2013.
In 2013, for example, pharmaceutical companies battled generic drug makers in the Supreme Court, and the DoJ filed suit against Novartis Pharmaceuticals. More than 7 million patient records were breached in 2013 alone, according to Redspin, leading to HIPAA breaches and subsequent investigations and penalties. When the federal government gets large settlements or continued monitoring agreements, its coffers swell, said Yvonne Puig, US Head of Life Sciences and Healthcare at Norton Rose Fulbright, in an interview.
"This has led to lots of money coming into enforcement at both the federal and state level. With increased enforcement, a general counsel will decide to hire outside counsel, such as ours, and use inside counsel to look at internal compliance programs," she said. "They read about internal enforcement and want to get on top of the trend. As a result, you see a spike in enforcement."
To handle this increased volume, 47% of healthcare organizations surveyed employ more than five full-time lawyers. Despite this, 60% used external counsel to complement their internal resources or -- in 19% of cases -- to conduct six or more internal investigations, according to Norton Rose Fulbright.
Technology is both blessing and curse for healthcare providers.
"We see our life sciences and healthcare clients in particular looking at the special challenges of storage with cloud computing," Puig told us. "As a healthcare company looking for places for storage it is extremely important to consult your in-house and external counsel to ensure compliance. Social media has created special and unique regulatory and compliance and litigation concerns."
That does not mean, however, that healthcare clients should shun cloud and social media. Rather, they should appropriately measure and manage risk, said Puiz.
"If you have to go to a place that has no risk, you can't be competitive. You can't stand still. We must keep pace and be ahead of the technologies that serve our industry."
The first step in addressing a regulatory or legal issue is organization, said CynergisTek's McMillan. That means ensuring that software tracks users' electronic footprints, scrutinizing cloud providers' service-level agreements, and making sure an organization adheres to security and storage best-practices, he said. Adding software that makes it easy to find the information that attorneys -- or subpoenas -- require speeds up the process, which often benefits the healthcare organization, McMillan noted.
"Half of beating a lawsuit or ending up with a better result is being prepared for the allegations or being able to refute them," said McMillan. "Most organizations can't respond or they don't respond to the right thing or in an effective manner. Then the lawyers have a field day."
Download Healthcare IT In The Obamacare Era, the InformationWeek Healthcare digital issue on changes driven by regulation. Modern technology created the opportunity to restructure the healthcare industry around accountable care organizations, but ACOs also put new demands on IT.
About the Author
You May Also Like